pfSense with AT&T fiber-- WAN keeps dropping offline

I just got a new ISP account with AT&T Uverse fiber and a Pace 5268AC modem. Set up the modern per these instructions. My WAN connection keeps dropping off line at random several times per hour and I'm not sure why. I've tried working with AT&T tech support, but they claim there aren't any line issues and won't support my router.

So far I haven't found anything else in the logs that might be helpful, but honestly I'm not exactly sure where to start looking. Rebooting the router usually corrects the problem until the next occurrence. I did get AT&T to send me a new modem, but that didn't help.

I did some research and you're right. AT&T only has DMZplus, not bridge mode like I have with Spectrum.

If you go to System -> Advanced -> Miscellaneous tab in the Gateway Monitoring section, is State Killing on Gateway Failure unchecked? It's designed for multi-WAN and when the primary WAN goes down it clears the states so the secondary WAN works properly.

If you only have one WAN & it's checked it might be the issue. Mine was unchecked by default, but it's worth verifying.

It looks like these issues may be due to AT&T network problems. They’ve got a supervisor checking the network equipment in my area to try and figure out what’s going on and have scheduled a tech to come out and replace the fiber to Ethernet converter box inside my house. We’ll see.🤨

Tech came out and replaced ONT box. I'm seeing better network performance but still getting random periods of packet loss up to about 50 - 60% lasting 30 seconds or so. I think this has to be an AT&T network issue. The tech supervisor agrees and is going to have their crews check their splitters (whatever those are???) for my area.

The entire AT&T fiber network in my area is only about a year old. The supervisor I meet with says that currently they still have only a few subscribers in this area and are still finding bugs in the system when new installations are performed. I hope he's right.

We switched to Cox gigablast (their residential fiber product) a while back and encountered oddities over the first year or so. Sounds like similar issues...only a handful of subscribers in the area and a new f/o network roll out that wasn't fully tested ahead of time.

I see you're pinging Google DNS. I know pfSense has an option to kill the WAN states in the event that the loss gets too high. It's possible you're conflating the WAN being down and the route to Google DNS being bad.

@harvy66
I’m just going by the display in the status page. Packet loss hits 100% and lots of high latency alarms in the system log. Tried using AT&T’s DNS servers for monitoring WAN but no difference. Looks to me like the AT&T router is still being used somehow even in DMZ+ mode. I’ve seen lots of complaints online about the very small state tables they use in their firmware. I don’t have the background to know if this is true or not, but I do see lots of “excessive connections” errors in the logs for the fiber modem. The tech crews have checked the lines several times without finding any issues.

What is the DHCP lease time from the AT&T modem? I had a home connection that was passing through the connection to give the internal router (in this case not a pfSense) the public IP, and the DHCP lease time was 10 minutes, which apparently triggered a connection reset on the internal router. Just before every-10-minute disconnections started happening the router firmware was updated, so I'm not sure if the apparent NIC-reset-on-DHCP-renewal was a mew problem with that router's firmware or that AT&T coincidentally lowered the lease time to 10 minutes. I am pretty sure the lease time has not been 10 minutes in the past.

At any rate I worked around it by setting the AT&T modem/router to not pass through the public IP, and to put the router in its DMZ (as I recall I had to restart both devices to get the internal router to appear as an option). The lease time to the router is now 1 day and not as noticeable as the few seconds of dropout at each renewal.

@wgstarks did you ever get this resolved? I have an ATT fiber that is also dropping the connection in the early mornings. Almost every hour from 1am to 5am

No. The AT&T techs seem to be very poorly trained afa troubleshooting goes. After 3 weeks, and about a dozen service calls, I had them disconnect my service and refund the money I had paid them. I’m using Spectrum’s Gigabit plan now. Much more reliable but very expensive compared to AT&T Fiber.

I had this same problem with a Comcast Business connection. It appears that pfSense is very sensitive to packet loss on the WAN interface and will often issue a WAN alarm. I don't know if this is a bug or a feature, but it causes the connection to reset and I'm without internet for a couple minutes at a time. Very annoying. I solved the problem by switching to a Netgear router temporarily, and temporary became semi-permanent.

If you want less sensitivity to WAN alarms, increase the thresholds. If you don't want gateway monitoring at all, turn it off.

Personally, speaking for myself, I find 20% packet loss to be completely unacceptable and the circuit might as well be down.

If you only have one WAN, there is certainly no reason not to crank the thresholds up to 99 to avoid anything that might trigger a gateway event becuase with only one WAN you might as well be down. That way you keep a quality history in Status > Monitoring but don't trigger gateway events.